Impact

The heap memory corruption could potentially be used by an attacker to execute arbitrary code on vulnerable instances of Silverlight. The vulnerability could be used to break out of the .NET sandbox to achieve native code execution. This vulnerability can be triggered remotely through a web browser through use of a specially crafted web page.

Cause

The vulnerability is caused by Microsoft Silverlight incorrectly freeing memory when rendering specially crafted XAML glyphs. (For example: Unicode Glyph characters for the Hebrew accent and point character set).

Interim Workaround

In order to mitigate this vulnerability from exploitation remotely through the browser Silverlight can be disabled. However, applications which make use of Silverlight will still be vulnerable. Full remediation requires the application of MS12-034 patch available through Windows Updates.